Hackers Hijacking ColdFusion Websites, Warns SANS
According to a warning from SANS Institute security researchers, cyber criminals compromised numerous ColdFusion websites between July 1 and July 3, 2009. ColdFusion is Adobe's platform for building web applications.
News reports state that malware distributors and hackers are carrying out mass compromises of websites running vulnerable ColdFusion installations.
Bojan Zdrnja, a security researcher, said there are two attack vectors, both relying on vulnerable FCKEditor installations, and that attackers are actively exploiting them. In the first, ColdFusion version 8.0.1 itself installs a vulnerable copy of FCKEditor that is enabled by default, as reported by scmagazineuk on July 3, 2009.
Zdrnja said this is bad news because an attacker can use the vulnerable FCKEditor to upload arbitrary files to an affected server. In other words, the attacker can take over the server and use it to deliver malware to the PCs that connect to it, which are then likely to be infected.
The second attack vector also relies on vulnerable FCKEditor installations, but here FCKEditor arrives bundled with an intermediary application. A common application observed in the attacks is CFWebstore, a widely used commercial ColdFusion application.
Consequently, SANS has warned users of earlier versions of CFWebstore that they are at risk, since hackers and malware distributors are exploiting the bundled FCKEditor. According to the Institute, CFWebstore users should upgrade to the current version and remove the older ones to keep their systems safe.
SANS also believes the perpetrators belong to the same criminal gang that staged a similar attack in March 2009.
For this reason, security researchers have recommended that website administrators audit their ColdFusion installations: ensure that all installed software is fully patched and up to date, and check that no discarded or forgotten ColdFusion applications remain on their servers, since those may still be vulnerable.
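As an added example that is not part of the article or of the SANS advisory, the following shell script performs the inventory step described above: it lists every FCKEditor copy under one or more web roots and flags those that still carry a ColdFusion connector directory, which is where a forgotten copy would expose file upload. The connector paths (editor/filemanager/connectors/cfm and editor/filemanager/upload/cfm) and the sample directory tree are assumptions for illustration; adjust them to the layout on your own servers.

```shell
#!/bin/sh
# Added example: inventory FCKeditor copies below web roots and flag the ones
# that still ship a ColdFusion connector. Directory layout is an assumption
# (FCKeditor 2.x style); adapt the paths to your deployment.

# Print every directory named "fckeditor" (any case) below the given roots.
find_fckeditor_installs() {
  for root in "$@"; do
    [ -d "$root" ] || continue
    find "$root" -type d -iname 'fckeditor' 2>/dev/null
  done
}

# Print "<install><TAB><status>" per copy: CONNECTOR when a ColdFusion
# connector or upload directory is present, otherwise no-connector.
flag_cfm_connectors() {
  find_fckeditor_installs "$@" | while IFS= read -r dir; do
    if [ -d "$dir/editor/filemanager/connectors/cfm" ] || \
       [ -d "$dir/editor/filemanager/upload/cfm" ]; then
      printf '%s\tCONNECTOR\n' "$dir"
    else
      printf '%s\tno-connector\n' "$dir"
    fi
  done
}

# Number of copies flagged CONNECTOR (prints 0 when there are none).
count_cfm_connectors() {
  flag_cfm_connectors "$@" | grep -c 'CONNECTOR$' || true
}

# Constructed sample tree so the check runs offline: one current site
# without a connector, one old CFWebstore bundle with one, and one forgotten
# copy with an upload directory. Prints the temporary root it created.
build_sample_tree() {
  sample=$(mktemp -d)
  mkdir -p "$sample/wwwroot/site/FCKeditor/editor/filemanager"
  mkdir -p "$sample/wwwroot/old_store/cfwebstore/fckeditor/editor/filemanager/connectors/cfm"
  mkdir -p "$sample/wwwroot/forgotten/FCKEditor/editor/filemanager/upload/cfm"
  printf '%s\n' "$sample"
}

# Usage: run against the constructed tree, then against real web roots, e.g.
#   flag_cfm_connectors /var/www /opt/coldfusion/wwwroot
demo_root=$(build_sample_tree)
flag_cfm_connectors "$demo_root/wwwroot"
rm -rf "$demo_root"
```

Any copy flagged CONNECTOR that is not part of a currently maintained, patched application should be removed or have its connector disabled, and the audit should be repeated after every deployment so abandoned copies do not creep back.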
» SPAMfighter News - 18-07-2009